    Need to allow an external DNS to reply with an internal (i.e. private) address

    • Rural

      For silly reasons, I need to allow DNS queries for an "outside" domain to map to an internal IP address. For example, blah.bloo.com (which isn't ours) might come back as 192.168.1.7. It seems like the way pfSense configures dnsmasq doesn't allow those sorts of queries, which seems sensible from a security perspective.

      Does dnsmasq do this sort of filtering? Anyone have a suggestion (other than "Don't do that!")?

      • wallabybob

        Have you looked at Services -> DNS Forwarder (scroll down to Host Override and Domain Override)?

        • cmb

          You should be able to use a domain override in that case; that rule doesn't apply to domain overrides. That's much safer than just disabling the DNS rebinding checks entirely, though you can do that under System > Advanced if you really want to.

          • Rural

            @cmb:

            You should be able to use a domain override in that case; that rule doesn't apply to domain overrides. That's much safer than just disabling the DNS rebinding checks entirely, though you can do that under System > Advanced if you really want to.

            Have I got this right? Just override all DNS queries to the problem domain to…some outside DNS server. I can give that a try in a hurry.

            DNS rebinding! That's the term for it. I knew I'd read about it somewhere. Probably in The Book.

            No, I'd rather employ the work-around than disabling DNS rebind checks. Thanks for the tip.
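
An added illustration, not part of the thread and not pfSense or dnsmasq code: a simplified Python model of a rebinding filter, showing why exempting one domain is narrower than switching the check off. The function names, the private-range list and `evil.example` are assumptions; `blah.bloo.com` and 192.168.1.7 are the example from the first post.

```python
import ipaddress

# Ranges treated as "private" in this simplified model (assumption: RFC 1918,
# loopback and link-local; a real resolver's list may differ).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]


def is_private(addr):
    """True if addr falls inside one of the modelled private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip.version == net.version and ip in net for net in PRIVATE_NETS)


def in_domain(qname, domain):
    """True if qname equals domain or is a subdomain of it (whole labels only)."""
    q = qname.rstrip(".").lower()
    d = domain.rstrip(".").lower()
    return q == d or q.endswith("." + d)


def filter_answer(qname, addrs, rebind_check=True, exempt_domains=()):
    """Return (accepted_addresses, reason) for an answer from an upstream server.

    rebind_check=False models disabling the check globally; exempt_domains
    models a per-domain exemption such as the one a domain override gives.
    """
    if not rebind_check:
        return list(addrs), "rebind check disabled globally"
    if any(in_domain(qname, d) for d in exempt_domains):
        return list(addrs), "domain exempt from rebind check"
    if any(is_private(a) for a in addrs):
        # Drop the whole answer rather than only the private records.
        return [], "private address in upstream answer, dropped"
    return list(addrs), "ok"
```

With `exempt_domains=("bloo.com",)` only names under that domain may resolve to private addresses; with `rebind_check=False` every upstream answer may.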
